From 73136297c1c8448b5802321e24d1c3d1c47e5b76 Mon Sep 17 00:00:00 2001 
From: Andrew Reed <andrew@smallstep.com> Date: Fri, 13 Dec 2024 16:31:09 -0600 Subject: [PATCH] Generate docs --- docs/data-sources/account.md | 76 ----- docs/data-sources/attestation_authority.md | 37 --- docs/data-sources/collection.md | 39 --- docs/data-sources/collection_instance.md | 37 --- .../data-sources/device_collection_account.md | 166 ---------- docs/resources/account.md | 88 ----- docs/resources/attestation_authority.md | 54 ---- docs/resources/authority.md | 4 +- docs/resources/collection.md | 45 --- docs/resources/collection_instance.md | 46 --- docs/resources/device_collection.md | 152 --------- docs/resources/device_collection_account.md | 178 ---------- docs/resources/workload.md | 304 ------------------ .../data-source.tf | 4 - .../smallstep_collection/data-source.tf | 4 - .../data-source.tf | 5 - .../smallstep_attestation_authority/import.sh | 1 - .../resource.tf | 12 - .../resources/smallstep_collection/import.sh | 1 - .../smallstep_collection/resource.tf | 4 - .../smallstep_device_collection/aws.tf | 11 - .../smallstep_device_collection/azure.tf | 13 - .../smallstep_device_collection/provider.tf | 19 -- .../smallstep_device_collection/resource.tf | 26 -- .../smallstep_device_collection/tpm.tf | 10 - .../resources/smallstep_workload/redis.tf | 58 ---- .../resources/smallstep_workload/resource.tf | 28 -- templates/resources/device_collection.md.tmpl | 39 --- templates/resources/workload.md.tmpl | 31 -- 29 files changed, 2 insertions(+), 1490 deletions(-) delete mode 100644 docs/data-sources/account.md delete mode 100644 docs/data-sources/attestation_authority.md delete mode 100644 docs/data-sources/collection.md delete mode 100644 docs/data-sources/collection_instance.md delete mode 100644 docs/data-sources/device_collection_account.md delete mode 100644 docs/resources/account.md delete mode 100644 docs/resources/attestation_authority.md delete mode 100644 docs/resources/collection.md delete mode 100644 docs/resources/collection_instance.md 
delete mode 100644 docs/resources/device_collection.md delete mode 100644 docs/resources/device_collection_account.md delete mode 100644 docs/resources/workload.md delete mode 100644 examples/data-sources/smallstep_attestation_authority/data-source.tf delete mode 100644 examples/data-sources/smallstep_collection/data-source.tf delete mode 100644 examples/data-sources/smallstep_collection_instance/data-source.tf delete mode 100644 examples/resources/smallstep_attestation_authority/import.sh delete mode 100644 examples/resources/smallstep_attestation_authority/resource.tf delete mode 100644 examples/resources/smallstep_collection/import.sh delete mode 100644 examples/resources/smallstep_collection/resource.tf delete mode 100644 examples/resources/smallstep_device_collection/aws.tf delete mode 100644 examples/resources/smallstep_device_collection/azure.tf delete mode 100644 examples/resources/smallstep_device_collection/provider.tf delete mode 100644 examples/resources/smallstep_device_collection/resource.tf delete mode 100644 examples/resources/smallstep_device_collection/tpm.tf delete mode 100644 examples/resources/smallstep_workload/redis.tf delete mode 100644 examples/resources/smallstep_workload/resource.tf delete mode 100644 templates/resources/device_collection.md.tmpl delete mode 100644 templates/resources/workload.md.tmpl
diff --git a/docs/data-sources/account.md b/docs/data-sources/account.md
deleted file mode 100644
index f8d306d..0000000
--- a/docs/data-sources/account.md
+++ /dev/null
@@ -1,76 +0,0 @@ ---- -# generated by https://github.com/hashicorp/terraform-plugin-docs -page_title: "smallstep_account Data Source - terraform-provider-smallstep" -subcategory: "" -description: |- - ---- - -# smallstep_account (Data Source) - - - - - -<!-- schema generated by tfplugindocs --> -## Schema - -### Read-Only - -- `browser` (Attributes) Configuration to use a client certificate. (see [below for nested schema](#nestedatt--browser)) -- `ethernet` (Attributes) Configuration to connect a device to a protected LAN. (see [below for nested schema](#nestedatt--ethernet)) -- `id` (String) The ID of this resource. -- `name` (String) -- `vpn` (Attributes) Configuration to connect a device to a VPN. (see [below for nested schema](#nestedatt--vpn)) -- `wifi` (Attributes) Configuration to connect a device to a protected WiFi network. (see [below for nested schema](#nestedatt--wifi)) - -<a id="nestedatt--browser"></a> -### Nested Schema for `browser` - - -<a id="nestedatt--ethernet"></a> -### Nested Schema for `ethernet` - -Read-Only: - -- `autojoin` (Boolean) -- `ca_chain` (String) -- `external_radius_server` (Boolean) -- `network_access_server_ip` (String) - - -<a id="nestedatt--vpn"></a> -### Nested Schema for `vpn` - -Read-Only: - -- `autojoin` (Boolean) -- `connection_type` (String) Allowed values: `IPSec` `IKEv2` `SSL` -- `ike` (Attributes) (see [below for nested schema](#nestedatt--vpn--ike)) -- `remote_address` (String) -- `vendor` (String) Allowed values: `F5` `Cisco` `Juniper` - -<a id="nestedatt--vpn--ike"></a> -### Nested Schema for `vpn.ike` - -Read-Only: - -- `ca_chain` (String) -- `eap` (Boolean) -- `remote_id` (String) Typically, the common name of the remote server. Defaults to the remote address. - - - -<a id="nestedatt--wifi"></a> -### Nested Schema for `wifi` - -Read-Only: - -- `autojoin` (Boolean) -- `ca_chain` (String) -- `external_radius_server` (Boolean) -- `hidden` (Boolean) -- `network_access_server_ip` (String) -- `ssid` (String) - - 
diff --git a/docs/data-sources/attestation_authority.md b/docs/data-sources/attestation_authority.md
deleted file mode 100644
index fa884b5..0000000
--- a/docs/data-sources/attestation_authority.md
+++ /dev/null
@@ -1,37 +0,0 @@ ---- -# generated by https://github.com/hashicorp/terraform-plugin-docs -page_title: "smallstep_attestation_authority Data Source - terraform-provider-smallstep" -subcategory: "" -description: |- - An attestation authority used with the device-attest-01 ACME challenge to verify a device's hardware identity. This object is experimental and subject to change. ---- - -# smallstep_attestation_authority (Data Source) - -An attestation authority used with the device-attest-01 ACME challenge to verify a device's hardware identity. This object is experimental and subject to change. - -## Example Usage - -```terraform -data "smallstep_attestation_authority" "aa" { - id = "4958f125-8e2a-4c99-8c32-832b25e5569e" -} -``` - -<!-- schema generated by tfplugindocs --> -## Schema - -### Required - -- `id` (String) A UUID identifying this attestation authority. Read only. - -### Read-Only - -- `attestor_intermediates` (String) The pem-encoded list of intermediate certificates used to build a chain of trust to verify the attestation certificates submitted by devices. -- `attestor_roots` (String) The pem-encoded list of certificates used to verify the attestation certificates submitted by devices. -- `created_at` (String) Timestamp in RFC3339 format when the attestation authority was created. -- `name` (String) The name of the attestation authority. -- `root` (String) The pem-encoded root certificate of this attestation authority. This is generated server-side when the attestation authority is created. This certificate should be used in the `attestationRoots` field of an ACME_ATTESTATION provisioner with the `tpm` format. -- `slug` (String) A short name for this attestation authority. Read only. - -
diff --git a/docs/data-sources/collection.md b/docs/data-sources/collection.md
deleted file mode 100644
index b7629e9..0000000
--- a/docs/data-sources/collection.md
+++ /dev/null
@@ -1,39 +0,0 @@ ---- -# generated by https://github.com/hashicorp/terraform-plugin-docs -page_title: "smallstep_collection Data Source - terraform-provider-smallstep" -subcategory: "" -description: |- - A collection of instances. ---- - -# smallstep_collection (Data Source) - -A collection of instances. - -## Example Usage - -```terraform -data "smallstep_collection" "tpms" { - slug = "tpms" -} -``` - -<!-- schema generated by tfplugindocs --> -## Schema - -### Required - -- `slug` (String) A lowercase name identifying the collection. - -### Optional - -- `schema_uri` (String) Reference to a schema that all instances in the collection must conform to. - -### Read-Only - -- `created_at` (String) Timestamp in RFC3339 format when the collections was created -- `display_name` (String) A user-friendly name for the collection. -- `instance_count` (Number) The number of instances in the collection. -- `updated_at` (String) Timestamp in RFC3339 format when the collections was last updated - -
diff --git a/docs/data-sources/collection_instance.md b/docs/data-sources/collection_instance.md
deleted file mode 100644
index 0d59253..0000000
--- a/docs/data-sources/collection_instance.md
+++ /dev/null
@@ -1,37 +0,0 @@ ---- -# generated by https://github.com/hashicorp/terraform-plugin-docs -page_title: "smallstep_collection_instance Data Source - terraform-provider-smallstep" -subcategory: "" -description: |- - An instance in a collection. ---- - -# smallstep_collection_instance (Data Source) - -An instance in a collection. - -## Example Usage - -```terraform -data "smallstep_collection_instance" "tpm1" { - collection_slug = "tpms" - id = "urn:ek:sha256:RAzbOveN1Y45fYubuTxu5jOXWtOK1HbfZ7yHjBuWlyE=" -} -``` - -<!-- schema generated by tfplugindocs --> -## Schema - -### Required - -- `collection_slug` (String) The slug of the collection this instance belongs to - -### Read-Only - -- `created_at` (String) Timestamp in RFC3339 format when the instance was added to the collection. -- `data` (String) The instance data. -- `id` (String) The ID of this resource. -- `out_data` (String) The instance data. -- `updated_at` (String) Timestamp in RFC3339 format when the instance was last changed. - -
diff --git a/docs/data-sources/device_collection_account.md b/docs/data-sources/device_collection_account.md
deleted file mode 100644
index 8eebf15..0000000
--- a/docs/data-sources/device_collection_account.md
+++ /dev/null
@@ -1,166 +0,0 @@ ---- -# generated by https://github.com/hashicorp/terraform-plugin-docs -page_title: "smallstep_device_collection_account Data Source - terraform-provider-smallstep" -subcategory: "" -description: |- - The certificate details binding an account to a device collection. ---- - -# smallstep_device_collection_account (Data Source) - -The certificate details binding an account to a device collection. - - - -<!-- schema generated by tfplugindocs --> -## Schema - -### Required - -- `device_collection_slug` (String) -- `slug` (String) Used as the identifier for the device collection account. - -### Optional - -- `account_id` (String) Identifier of the account. -- `authority_id` (String) A UUID identifying the authority to issue certificates for the account on devices in the collection. -- `certificate_data` (Attributes) (see [below for nested schema](#nestedatt--certificate_data)) -- `certificate_info` (Attributes) Details on a managed certificate. (see [below for nested schema](#nestedatt--certificate_info)) -- `display_name` (String) A friendly name for the device collection account. Also used as the Common Name, if no static SANs are provided. -- `key_info` (Attributes) The attributes of the cryptographic key. (see [below for nested schema](#nestedatt--key_info)) -- `reload_info` (Attributes) The properties used to reload a service. 
(see [below for nested schema](#nestedatt--reload_info)) - -<a id="nestedatt--certificate_data"></a> -### Nested Schema for `certificate_data` - -Optional: - -- `common_name` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--common_name)) -- `country` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--country)) -- `locality` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--locality)) -- `organization` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--organization)) -- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--organizational_unit)) -- `postal_code` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--postal_code)) -- `province` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--province)) -- `sans` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--sans)) -- `street_address` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--street_address)) - -<a id="nestedatt--certificate_data--common_name"></a> -### Nested Schema for `certificate_data.common_name` - -Optional: - -- `device_metadata` (String) -- `static` (String) - - -<a id="nestedatt--certificate_data--country"></a> -### Nested Schema for `certificate_data.country` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--locality"></a> -### Nested Schema for `certificate_data.locality` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--organization"></a> -### Nested Schema for `certificate_data.organization` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--organizational_unit"></a> -### Nested Schema for `certificate_data.organizational_unit` - -Optional: - -- 
`device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--postal_code"></a> -### Nested Schema for `certificate_data.postal_code` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--province"></a> -### Nested Schema for `certificate_data.province` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--sans"></a> -### Nested Schema for `certificate_data.sans` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--street_address"></a> -### Nested Schema for `certificate_data.street_address` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - - -<a id="nestedatt--certificate_info"></a> -### Nested Schema for `certificate_info` - -Optional: - -- `crt_file` (String) The filepath where the certificate is to be stored. -- `duration` (String) The certificate lifetime. Parsed as a [Golang duration](https://pkg.go.dev/time#ParseDuration). -- `gid` (Number) GID of the files where the certificate is stored. -- `key_file` (String) The filepath where the key is to be stored. -- `mode` (Number) Permission bits of the files where the certificate is stored. -- `root_file` (String) The filepath where the root certificate is to be stored. -- `type` (String) The type of certificate. Allowed values: `X509` `SSH_USER` `SSH_HOST` -- `uid` (Number) UID of the files where the certificate is stored. - - -<a id="nestedatt--key_info"></a> -### Nested Schema for `key_info` - -Optional: - -- `format` (String) The format used to encode the private key. For X509 keys the default format is PKCS#8. The classic format is PKCS#1 for RSA keys, SEC 1 for ECDSA keys, and PKCS#8 for ED25519 keys. For SSH keys the default format is always the OPENSSH format. 
When a hardware module is used to store the keys the default will be a JSON representation of the key, except on Linux where tss2 will be used. Allowed values: `DEFAULT` `PKCS8` `OPENSSH` `TSS2` `CLASSIC` -- `protection` (String) Whether to use a hardware module to store the private key for a workload certificate. If set to `NONE` no hardware module will be used. If set to `DEFAULT` a hardware module will only be used with format `TSS2`. `HARDWARE_WITH_FALLBACK` can only be used with the key format `DEFAULT`. Allowed values: `DEFAULT` `NONE` `HARDWARE` `HARDWARE_WITH_FALLBACK` `HARDWARE_ATTESTED` -- `pub_file` (String) A CSR or SSH public key to use instead of generating one. -- `type` (String) The key type used. The current DEFAULT type is ECDSA_P256. Allowed values: `DEFAULT` `ECDSA_P256` `ECDSA_P384` `ECDSA_P521` `RSA_2048` `RSA_3072` `RSA_4096` `ED25519` - - -<a id="nestedatt--reload_info"></a> -### Nested Schema for `reload_info` - -Optional: - -- `method` (String) Ways an endpoint can reload a certificate. `AUTOMATIC` means the process is able to detect and reload new certificates automatically. `CUSTOM` means a custom command must be run to trigger the workload to reload the certificates. `SIGNAL` will configure the agent to send a signal to the process in `pidFile`. `DBUS` will use the systemd system bus to issue a `try-reload-or-restart` job for unit specified by `unitName`. `PLATFORM` uses a method specific to the operating system. Allowed values: `AUTOMATIC` `CUSTOM` `SIGNAL` `DBUS` `PLATFORM` -- `pid_file` (String) File that holds the pid of the process to signal. Required when method is SIGNAL. -- `signal` (Number) The signal to send to a process when a certificate should be reloaded. Required when method is SIGNAL. -- `unit_name` (String) The systemd unit name to reload when a certificate should be reloaded. Required when method is DBUS. - - 
diff --git a/docs/resources/account.md b/docs/resources/account.md
deleted file mode 100644
index 7a9e650..0000000
--- a/docs/resources/account.md
+++ /dev/null
@@ -1,88 +0,0 @@ ---- -# generated by https://github.com/hashicorp/terraform-plugin-docs -page_title: "smallstep_account Resource - terraform-provider-smallstep" -subcategory: "" -description: |- - ---- - -# smallstep_account (Resource) - - - - - -<!-- schema generated by tfplugindocs --> -## Schema - -### Required - -- `name` (String) - -### Optional - -- `browser` (Attributes) Configuration to use a client certificate. (see [below for nested schema](#nestedatt--browser)) -- `ethernet` (Attributes) Configuration to connect a device to a protected LAN. (see [below for nested schema](#nestedatt--ethernet)) -- `vpn` (Attributes) Configuration to connect a device to a VPN. (see [below for nested schema](#nestedatt--vpn)) -- `wifi` (Attributes) Configuration to connect a device to a protected WiFi network. (see [below for nested schema](#nestedatt--wifi)) - -### Read-Only - -- `id` (String) The ID of this resource. - -<a id="nestedatt--browser"></a> -### Nested Schema for `browser` - - -<a id="nestedatt--ethernet"></a> -### Nested Schema for `ethernet` - -Optional: - -- `autojoin` (Boolean) -- `ca_chain` (String) -- `external_radius_server` (Boolean) -- `network_access_server_ip` (String) - - -<a id="nestedatt--vpn"></a> -### Nested Schema for `vpn` - -Required: - -- `connection_type` (String) Allowed values: `IPSec` `IKEv2` `SSL` -- `remote_address` (String) - -Optional: - -- `autojoin` (Boolean) -- `ike` (Attributes) (see [below for nested schema](#nestedatt--vpn--ike)) -- `vendor` (String) Allowed values: `F5` `Cisco` `Juniper` - -<a id="nestedatt--vpn--ike"></a> -### Nested Schema for `vpn.ike` - -Optional: - -- `ca_chain` (String) -- `eap` (Boolean) -- `remote_id` (String) Typically, the common name of the remote server. Defaults to the remote address. 
- - - -<a id="nestedatt--wifi"></a> -### Nested Schema for `wifi` - -Required: - -- `ssid` (String) - -Optional: - -- `autojoin` (Boolean) -- `ca_chain` (String) -- `external_radius_server` (Boolean) -- `hidden` (Boolean) -- `network_access_server_ip` (String) - -
diff --git a/docs/resources/attestation_authority.md b/docs/resources/attestation_authority.md
deleted file mode 100644
index c619373..0000000
--- a/docs/resources/attestation_authority.md
+++ /dev/null
@@ -1,54 +0,0 @@ ---- -# generated by https://github.com/hashicorp/terraform-plugin-docs -page_title: "smallstep_attestation_authority Resource - terraform-provider-smallstep" -subcategory: "" -description: |- - An attestation authority used with the device-attest-01 ACME challenge to verify a device's hardware identity. This object is experimental and subject to change. ---- - -# smallstep_attestation_authority (Resource) - -An attestation authority used with the device-attest-01 ACME challenge to verify a device's hardware identity. This object is experimental and subject to change. - -## Example Usage - -```terraform -resource "smallstep_collection" "tpms" { - slug = "tpms" -} - -resource "smallstep_attestation_authority" "aa" { - name = "Foo Attest" - catalog = smallstep_collection.tpms.slug - attestor_roots = "-----BEGIN CERTIFICATE-----\n..." - attestor_intermediates = "----- BEGIN CERTIFICATE-----\n..." - depends_on = [smallstep_collection.tpms] -} -``` - -<!-- schema generated by tfplugindocs --> -## Schema - -### Required - -- `attestor_roots` (String) The pem-encoded list of certificates used to verify the attestation certificates submitted by devices. -- `name` (String) The name of the attestation authority. - -### Optional - -- `attestor_intermediates` (String) The pem-encoded list of intermediate certificates used to build a chain of trust to verify the attestation certificates submitted by devices. - -### Read-Only - -- `created_at` (String) Timestamp in RFC3339 format when the attestation authority was created. -- `id` (String) A UUID identifying this attestation authority. Read only. -- `root` (String) The pem-encoded root certificate of this attestation authority. This is generated server-side when the attestation authority is created. This certificate should be used in the `attestationRoots` field of an ACME_ATTESTATION provisioner with the `tpm` format. -- `slug` (String) A short name for this attestation authority. Read only. 
- -## Import - -Import is supported using the following syntax: - -```shell -terraform import smallstep_attestation_authority.aa 4958f125-8e2a-4c99-8c32-832b25e5569e -```
diff --git a/docs/resources/authority.md b/docs/resources/authority.md
index d54f109..ef53e70 100644
--- a/docs/resources/authority.md
+++ b/docs/resources/authority.md
@@ -110,7 +110,7 @@ Optional: - `duration` (String) The certificate lifetime. Parsed as a [Golang duration](https://pkg.go.dev/time#ParseDuration). - `max_path_length` (Number) -- `name_constraints` (Attributes) X509 certificate name constraints. (see [below for nested schema](#nestedatt--intermediate_issuer--name_constraints)) +- `name_constraints` (Attributes) X509 certificate name constratins. (see [below for nested schema](#nestedatt--intermediate_issuer--name_constraints)) - `subject` (Attributes) Name used in x509 certificates (see [below for nested schema](#nestedatt--intermediate_issuer--subject)) <a id="nestedatt--intermediate_issuer--name_constraints"></a>
@@ -160,7 +160,7 @@ Optional: - `duration` (String) The certificate lifetime. Parsed as a [Golang duration](https://pkg.go.dev/time#ParseDuration). - `max_path_length` (Number) -- `name_constraints` (Attributes) X509 certificate name constraints. (see [below for nested schema](#nestedatt--root_issuer--name_constraints)) +- `name_constraints` (Attributes) X509 certificate name constratins. (see [below for nested schema](#nestedatt--root_issuer--name_constraints)) - `subject` (Attributes) Name used in x509 certificates (see [below for nested schema](#nestedatt--root_issuer--subject)) <a id="nestedatt--root_issuer--name_constraints"></a>
diff --git a/docs/resources/collection.md b/docs/resources/collection.md
deleted file mode 100644
index 24bbcdc..0000000
--- a/docs/resources/collection.md
+++ /dev/null
@@ -1,45 +0,0 @@ ---- -# generated by https://github.com/hashicorp/terraform-plugin-docs -page_title: "smallstep_collection Resource - terraform-provider-smallstep" -subcategory: "" -description: |- - A collection of instances. ---- - -# smallstep_collection (Resource) - -A collection of instances. - -## Example Usage - -```terraform -resource "smallstep_collection" "tpms" { - slug = "tpms" -} -``` - -<!-- schema generated by tfplugindocs --> -## Schema - -### Required - -- `slug` (String) A lowercase name identifying the collection. - -### Optional - -- `display_name` (String) A user-friendly name for the collection. -- `schema_uri` (String) Reference to a schema that all instances in the collection must conform to. - -### Read-Only - -- `created_at` (String) Timestamp in RFC3339 format when the collections was created -- `instance_count` (Number) The number of instances in the collection. -- `updated_at` (String) Timestamp in RFC3339 format when the collections was last updated - -## Import - -Import is supported using the following syntax: - -```shell -terraform import smallstep_collection.devices devices -```
diff --git a/docs/resources/collection_instance.md b/docs/resources/collection_instance.md
deleted file mode 100644
index eb8a143..0000000
--- a/docs/resources/collection_instance.md
+++ /dev/null
@@ -1,46 +0,0 @@ ---- -# generated by https://github.com/hashicorp/terraform-plugin-docs -page_title: "smallstep_collection_instance Resource - terraform-provider-smallstep" -subcategory: "" -description: |- - An instance in a collection. ---- - -# smallstep_collection_instance (Resource) - -An instance in a collection. - -## Example Usage - -```terraform -resource "smallstep_collection_instance" "server1" { - id = "urn:ek:sha256:RAzbOveN1Y45fYubuTxu5jOXWtOK1HbfZ7yHjBuWlyE=" - data = "{}" - collection_slug = smallstep_collection.tpms.slug - depends_on = [smallstep_collection.tpms] -} -``` - -<!-- schema generated by tfplugindocs --> -## Schema - -### Required - -- `collection_slug` (String) The collection will be created implicitly if it does not exist. -If creating this collection with a smallstep_collection resource in the same config you MUST use depends_on to avoid race conditions. -- `data` (String) The instance data. - -### Read-Only - -- `created_at` (String) Timestamp in RFC3339 format when the instance was added to the collection. -- `id` (String) The ID of this resource. -- `out_data` (String) The instance data stored after any modifications made server-side. If the instance belongs to a device collection a host ID attribute will be added to the data. -- `updated_at` (String) Timestamp in RFC3339 format when the instance was last changed. - -## Import - -Import is supported using the following syntax: - -```shell -terraform import smallstep_collection_instance.device1 devicescollection/device1 -```
diff --git a/docs/resources/device_collection.md b/docs/resources/device_collection.md
deleted file mode 100644
index fad38eb..0000000
--- a/docs/resources/device_collection.md
+++ /dev/null
@@ -1,152 +0,0 @@ ---- -# generated by https://github.com/hashicorp/terraform-plugin-docs -page_title: "smallstep_device_collection Resource - terraform-provider-smallstep" -subcategory: "" -description: |- - Configuration to create a new device collection. ---- - -# smallstep_device_collection (Resource) - -Configuration to create a new device collection. - -## Example Usage - -### GCP VM Device Collection with GCE Instance - -```terraform -resource "smallstep_device_collection" "gcp" { - slug = "gce" - display_name = "GCE" - device_type = "gcp-vm" - gcp_vm = { - service_accounts = ["pki@prod-1234.iam.gserviceaccount.com"] - } - admin_emails = ["admin@example.com"] -} - -data "google_compute_instance" "dbserver" { - name = "dbserver" - zone = "us-central1-b" -} - -resource "smallstep_collection_instance" "dbserver" { - depends_on = [smallstep_device_collection.gcp] - collection_slug = smallstep_device_collection.gcp.slug - id = data.google_compute_instance.dbserver.instance_id - data = jsonencode({ - "hostname" = data.google_compute_instance.dbserver.name - "private_ip" = data.google_compute_instance.dbserver.network_interface.0.network_ip - "public_ip" = data.google_compute_instance.dbserver.network_interface.0.access_config[0].nat_ip - }) -} -``` - -### TPM Device Collection - -```terraform -resource "smallstep_device_collection" "tpm" { - slug = "tmpservers" - display_name = "TPM Servers" - admin_emails = ["admin@example.com"] - device_type = "tpm" - tpm = { - attestor_roots = file("${path.module}/root.crt") - } -} -``` - -### EC2 Device Collection - -```terraform -resource "smallstep_device_collection" "aws" { - slug = "ec2west" - display_name = "EC2 West" - admin_emails = ["admin@example.com"] - device_type = "aws-vm" - aws_vm = { - accounts = ["0123456789"] - disable_custom_sans = false - } -} -``` - -### Azure VM Device Collection - -```terraform -resource "smallstep_device_collection" "azure" { - slug = "azure" - display_name = "Azure VMs" - admin_emails = 
["admin@example.com"] - device_type = "azure-vm" - azure_vm = { - tenant_id = "76543210" - resource_groups = ["0123456789"] - disable_custom_sans = false - audience = "" - } -} -``` - -<!-- schema generated by tfplugindocs --> -## Schema - -### Required - -- `authority_id` (String) A UUID identifying the authority to issue certificates for the agent running on devices in the collection. -- `device_type` (String) Must match the deviceTypeConfiguration. Cannot be changed. Allowed values: `aws-vm` `azure-vm` `gcp-vm` `tpm` -- `display_name` (String) -- `slug` (String) - -### Optional - -- `aws_vm` (Attributes) Configuration for an AWS provisioner for a device collection of AWS VMs. (see [below for nested schema](#nestedatt--aws_vm)) -- `azure_vm` (Attributes) (see [below for nested schema](#nestedatt--azure_vm)) -- `gcp_vm` (Attributes) Configuration for the GCP provisioner for device collections of GCP instances. At least one service account or project ID must be set. (see [below for nested schema](#nestedatt--gcp_vm)) -- `tpm` (Attributes) Configuration for a device collection of machines with TPMs. (see [below for nested schema](#nestedatt--tpm)) - -<a id="nestedatt--aws_vm"></a> -### Nested Schema for `aws_vm` - -Required: - -- `accounts` (Set of String) The list of AWS account IDs that are allowed to use an AWS cloud provisioner. - -Optional: - -- `disable_custom_sans` (Boolean) By default custom SANs are valid, but if this option is set to `true` only the SANs available in the instance identity document will be valid. These are the private IP and the DNS ip-<private-ip>.<region>.compute.internal. - - -<a id="nestedatt--azure_vm"></a> -### Nested Schema for `azure_vm` - -Required: - -- `resource_groups` (Set of String) The list of resource group names that are allowed to use this provisioner. -- `tenant_id` (String) The Azure account tenant ID for this provisioner. This ID is the Directory ID available in the Azure Active Directory properties. 
- -Optional: - -- `audience` (String) Defaults to https://management.azure.com/ but it can be changed if necessary. -- `disable_custom_sans` (Boolean) By default custom SANs are valid, but if this option is set to `true` only the SANs available in the token will be valid, in Azure only the virtual machine name is available. - - -<a id="nestedatt--gcp_vm"></a> -### Nested Schema for `gcp_vm` - -Optional: - -- `disable_custom_sans` (Boolean) By default custom SANs are valid, but if this option is set to `true` only the SANs available in the instance identity document will be valid, these are the DNS `<instance-name>.c.<project-id>.internal` and `<instance-name>.<zone>.c.<project-id>.internal`. -- `project_ids` (Set of String) The list of project identifiers that are allowed to use a GCP cloud provisioner. -- `service_accounts` (Set of String) The list of service accounts that are allowed to use a GCP cloud provisioner. - - -<a id="nestedatt--tpm"></a> -### Nested Schema for `tpm` - -Optional: - -- `attestor_intermediates` (String) The pem-encoded list of intermediate certificates used to build a chain of trust to verify the attestation certificates submitted by agents. Ignored if the team already has an attestation authority. -- `attestor_roots` (String) The pem-encoded list of certificates used to verify the attestation certificates submitted by agents. Ignored if the team already has an attestation authority. Required if the team does not already have an attestation authority. -- `force_cn` (Boolean) Force one of the SANs to become the Common Name, if a Common Name is not provided. -- `require_eab` (Boolean) Only ACME clients that have been preconfigured with valid EAB credentials will be able to create an account with this provisioner.
diff --git a/docs/resources/device_collection_account.md b/docs/resources/device_collection_account.md
deleted file mode 100644
index 6bc80c8..0000000
--- a/docs/resources/device_collection_account.md
+++ /dev/null
@@ -1,178 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "smallstep_device_collection_account Resource - terraform-provider-smallstep"
-subcategory: ""
-description: |-
- The certificate details binding an account to a device collection.
----
-
-# smallstep_device_collection_account (Resource)
-
-The certificate details binding an account to a device collection.
-
-
-
-<!-- schema generated by tfplugindocs -->
-## Schema
-
-### Required
-
-- `account_id` (String) Identifier of the account.
-- `authority_id` (String) A UUID identifying the authority to issue certificates for the account on devices in the collection.
-- `certificate_data` (Attributes) (see [below for nested schema](#nestedatt--certificate_data))
-- `certificate_info` (Attributes) Details on a managed certificate. (see [below for nested schema](#nestedatt--certificate_info))
-- `device_collection_slug` (String)
-- `display_name` (String) A friendly name for the device collection account. Also used as the Common Name, if no static SANs are provided.
-- `key_info` (Attributes) The attributes of the cryptographic key. (see [below for nested schema](#nestedatt--key_info))
-- `slug` (String) Used as the identifier for the device collection account.
-
-### Optional
-
-- `reload_info` (Attributes) The properties used to reload a service.
(see [below for nested schema](#nestedatt--reload_info))
-
-<a id="nestedatt--certificate_data"></a>
-### Nested Schema for `certificate_data`
-
-Required:
-
-- `common_name` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--common_name))
-
-Optional:
-
-- `country` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--country))
-- `locality` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--locality))
-- `organization` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--organization))
-- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--organizational_unit))
-- `postal_code` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--postal_code))
-- `province` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--province))
-- `sans` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--sans))
-- `street_address` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--street_address))
-
-<a id="nestedatt--certificate_data--common_name"></a>
-### Nested Schema for `certificate_data.common_name`
-
-Optional:
-
-- `device_metadata` (String)
-- `static` (String)
-
-
-<a id="nestedatt--certificate_data--country"></a>
-### Nested Schema for `certificate_data.country`
-
-Optional:
-
-- `device_metadata` (List of String)
-- `static` (List of String)
-
-
-<a id="nestedatt--certificate_data--locality"></a>
-### Nested Schema for `certificate_data.locality`
-
-Optional:
-
-- `device_metadata` (List of String)
-- `static` (List of String)
-
-
-<a id="nestedatt--certificate_data--organization"></a>
-### Nested Schema for `certificate_data.organization`
-
-Optional:
-
-- `device_metadata` (List of String)
-- `static` (List of String)
-
-
-<a id="nestedatt--certificate_data--organizational_unit"></a>
-### Nested Schema for `certificate_data.organizational_unit`
-
-Optional:
-
-- `device_metadata` (List of String)
-- `static` (List of String)
-
-
-<a id="nestedatt--certificate_data--postal_code"></a>
-### Nested Schema for `certificate_data.postal_code`
-
-Optional:
-
-- `device_metadata` (List of String)
-- `static` (List of String)
-
-
-<a id="nestedatt--certificate_data--province"></a>
-### Nested Schema for `certificate_data.province`
-
-Optional:
-
-- `device_metadata` (List of String)
-- `static` (List of String)
-
-
-<a id="nestedatt--certificate_data--sans"></a>
-### Nested Schema for `certificate_data.sans`
-
-Optional:
-
-- `device_metadata` (List of String)
-- `static` (List of String)
-
-
-<a id="nestedatt--certificate_data--street_address"></a>
-### Nested Schema for `certificate_data.street_address`
-
-Optional:
-
-- `device_metadata` (List of String)
-- `static` (List of String)
-
-
-
-<a id="nestedatt--certificate_info"></a>
-### Nested Schema for `certificate_info`
-
-Required:
-
-- `type` (String) The type of certificate. Allowed values: `X509` `SSH_USER` `SSH_HOST`
-
-Optional:
-
-- `crt_file` (String) The filepath where the certificate is to be stored.
-- `duration` (String) The certificate lifetime. Parsed as a [Golang duration](https://pkg.go.dev/time#ParseDuration).
-- `gid` (Number) GID of the files where the certificate is stored.
-- `key_file` (String) The filepath where the key is to be stored.
-- `mode` (Number) Permission bits of the files where the certificate is stored.
-- `root_file` (String) The filepath where the root certificate is to be stored.
-- `uid` (Number) UID of the files where the certificate is stored.
-
-
-<a id="nestedatt--key_info"></a>
-### Nested Schema for `key_info`
-
-Required:
-
-- `format` (String) The format used to encode the private key. For X509 keys the default format is PKCS#8. The classic format is PKCS#1 for RSA keys, SEC 1 for ECDSA keys, and PKCS#8 for ED25519 keys. For SSH keys the default format is always the OPENSSH format.
When a hardware module is used to store the keys the default will be a JSON representation of the key, except on Linux where tss2 will be used. Allowed values: `DEFAULT` `PKCS8` `OPENSSH` `TSS2` `CLASSIC`
-- `type` (String) The key type used. The current DEFAULT type is ECDSA_P256. Allowed values: `DEFAULT` `ECDSA_P256` `ECDSA_P384` `ECDSA_P521` `RSA_2048` `RSA_3072` `RSA_4096` `ED25519`
-
-Optional:
-
-- `protection` (String) Whether to use a hardware module to store the private key for a workload certificate. If set to `NONE` no hardware module will be used. If set to `DEFAULT` a hardware module will only be used with format `TSS2`. `HARDWARE_WITH_FALLBACK` can only be used with the key format `DEFAULT`. Allowed values: `DEFAULT` `NONE` `HARDWARE` `HARDWARE_WITH_FALLBACK` `HARDWARE_ATTESTED`
-- `pub_file` (String) A CSR or SSH public key to use instead of generating one.
-
-
-<a id="nestedatt--reload_info"></a>
-### Nested Schema for `reload_info`
-
-Required:
-
-- `method` (String) Ways an endpoint can reload a certificate. `AUTOMATIC` means the process is able to detect and reload new certificates automatically. `CUSTOM` means a custom command must be run to trigger the workload to reload the certificates. `SIGNAL` will configure the agent to send a signal to the process in `pidFile`. `DBUS` will use the systemd system bus to issue a `try-reload-or-restart` job for unit specified by `unitName`. `PLATFORM` uses a method specific to the operating system. Allowed values: `AUTOMATIC` `CUSTOM` `SIGNAL` `DBUS` `PLATFORM`
-
-Optional:
-
-- `pid_file` (String) File that holds the pid of the process to signal. Required when method is SIGNAL.
-- `signal` (Number) The signal to send to a process when a certificate should be reloaded. Required when method is SIGNAL.
-- `unit_name` (String) The systemd unit name to reload when a certificate should be reloaded. Required when method is DBUS.
-
-
diff --git a/docs/resources/workload.md b/docs/resources/workload.md
deleted file mode 100644
index 64df23e..0000000
--- a/docs/resources/workload.md
+++ /dev/null
@@ -1,304 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "smallstep_workload Resource - terraform-provider-smallstep"
-subcategory: ""
-description: |-
- A workload represents anything that uses a certificate.
----
-
-# smallstep_workload (Resource)
-
-A workload represents anything that uses a certificate.
-
-## Example Usage
-
-### Generic Workload on EC2
-
-```terraform
-resource "smallstep_device_collection" "ec2_west" {
- slug = "ec2west"
- display_name = "EC2 West"
- device_type = "aws-vm"
- aws_vm = {
- accounts = ["0123456789"]
- }
- admin_emails = ["admin@example.com"]
-}
-
-resource "smallstep_workload" "generic" {
- depends_on = [smallstep_device_collection.ec2_west]
- workload_type = "generic"
- device_collection_slug = resource.smallstep_device_collection.ec2_west.slug
- slug = "ec2generic"
- display_name = "Generic Workload"
- admin_emails = ["admin@example.com"]
-
- certificate_info = {
- type = "X509"
- }
-
- key_info = {
- format = "DEFAULT"
- type = "ECDSA_P256"
- }
-}
-```
-
-### Redis Workload with All Optionas
-
-```terraform
-resource "smallstep_workload" "redis" {
- depends_on = [smallstep_device_collection.ec2_west]
- device_collection_slug = resource.smallstep_device_collection.ec2_west.slug
- workload_type = "redis"
- slug = "redisec2west"
- display_name = "Redis EC2 West"
- admin_emails = ["admin@example.com"]
-
- certificate_info = {
- type = "X509"
- duration = "168h"
- crt_file = "db.crt"
- key_file = "db.key"
- root_file = "ca.crt"
- uid = 1001
- gid = 999
- mode = 256
- }
-
- hooks = {
- renew = {
- shell = "/bin/sh"
- before = [
- "echo renewing",
- ]
- after = [
- "echo renewed",
- ]
- on_error = [
- "echo failed renew",
- ]
- }
- sign = {
- shell = "/bin/bash"
- before = [
- "echo signing",
- ]
- after = [
- "echo signed",
- ]
- on_error = [
- "echo failed sign",
- ]
- }
- }
-
- key_info = {
- format = "DEFAULT"
- type = "ECDSA_P256"
- }
-
- reload_info = {
- method = "SIGNAL"
-
pid_file = "db.pid"
- signal = 1
- }
-}
-```
-
-<!-- schema generated by tfplugindocs -->
-## Schema
-
-### Required
-
-- `authority_id` (String) A UUID identifying the authority to issue certificates for the workload.
-- `certificate_data` (Attributes) (see [below for nested schema](#nestedatt--certificate_data))
-- `certificate_info` (Attributes) Details on a managed certificate. (see [below for nested schema](#nestedatt--certificate_info))
-- `device_collection_slug` (String) Slug of the device collection the workload will be added to.
-- `display_name` (String) A friendly name for the workload. Also used as the Common Name, if no static SANs are provided.
-- `key_info` (Attributes) The attributes of the cryptographic key. (see [below for nested schema](#nestedatt--key_info))
-- `slug` (String) Used as the identifier for the workload.
-
-### Optional
-
-- `hooks` (Attributes) The collection of commands to run when a certificate for a managed endpoint is signed or renewed. (see [below for nested schema](#nestedatt--hooks))
-- `reload_info` (Attributes) The properties used to reload a service. (see [below for nested schema](#nestedatt--reload_info))
-- `workload_type` (String) The type of workload being deployed.
-Possible values are `etcd` `generic` `git` `grafana` `haproxy` `httpd` `kafka` `mysql` `nginx` `nodejs` `postgres` `redis` `tomcat` and `zookeeper`.
-Use `generic` for a basic certificate workload.
-
-<a id="nestedatt--certificate_data"></a>
-### Nested Schema for `certificate_data`
-
-Required:
-
-- `common_name` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--common_name))
-
-Optional:
-
-- `country` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--country))
-- `locality` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--locality))
-- `organization` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--organization))
-- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--organizational_unit))
-- `postal_code` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--postal_code))
-- `province` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--province))
-- `sans` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--sans))
-- `street_address` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--street_address))
-
-<a id="nestedatt--certificate_data--common_name"></a>
-### Nested Schema for `certificate_data.common_name`
-
-Optional:
-
-- `device_metadata` (String)
-- `static` (String)
-
-
-<a id="nestedatt--certificate_data--country"></a>
-### Nested Schema for `certificate_data.country`
-
-Optional:
-
-- `device_metadata` (List of String)
-- `static` (List of String)
-
-
-<a id="nestedatt--certificate_data--locality"></a>
-### Nested Schema for `certificate_data.locality`
-
-Optional:
-
-- `device_metadata` (List of String)
-- `static` (List of String)
-
-
-<a id="nestedatt--certificate_data--organization"></a>
-### Nested Schema for `certificate_data.organization`
-
-Optional:
-
-- `device_metadata` (List of String)
-- `static` (List of String)
-
-
-<a id="nestedatt--certificate_data--organizational_unit"></a>
-### Nested Schema for `certificate_data.organizational_unit`
-
-Optional:
-
-- `device_metadata` (List of String)
-- `static`
(List of String)
-
-
-<a id="nestedatt--certificate_data--postal_code"></a>
-### Nested Schema for `certificate_data.postal_code`
-
-Optional:
-
-- `device_metadata` (List of String)
-- `static` (List of String)
-
-
-<a id="nestedatt--certificate_data--province"></a>
-### Nested Schema for `certificate_data.province`
-
-Optional:
-
-- `device_metadata` (List of String)
-- `static` (List of String)
-
-
-<a id="nestedatt--certificate_data--sans"></a>
-### Nested Schema for `certificate_data.sans`
-
-Optional:
-
-- `device_metadata` (List of String)
-- `static` (List of String)
-
-
-<a id="nestedatt--certificate_data--street_address"></a>
-### Nested Schema for `certificate_data.street_address`
-
-Optional:
-
-- `device_metadata` (List of String)
-- `static` (List of String)
-
-
-
-<a id="nestedatt--certificate_info"></a>
-### Nested Schema for `certificate_info`
-
-Required:
-
-- `type` (String) The type of certificate. Allowed values: `X509` `SSH_USER` `SSH_HOST`
-
-Optional:
-
-- `crt_file` (String) The filepath where the certificate is to be stored.
-- `duration` (String) The certificate lifetime. Parsed as a [Golang duration](https://pkg.go.dev/time#ParseDuration).
-- `gid` (Number) GID of the files where the certificate is stored.
-- `key_file` (String) The filepath where the key is to be stored.
-- `mode` (Number) Permission bits of the files where the certificate is stored.
-- `root_file` (String) The filepath where the root certificate is to be stored.
-- `uid` (Number) UID of the files where the certificate is stored.
-
-
-<a id="nestedatt--key_info"></a>
-### Nested Schema for `key_info`
-
-Required:
-
-- `format` (String) The format used to encode the private key. For X509 keys the default format is PKCS#8. The classic format is PKCS#1 for RSA keys, SEC 1 for ECDSA keys, and PKCS#8 for ED25519 keys. For SSH keys the default format is always the OPENSSH format.
When a hardware module is used to store the keys the default will be a JSON representation of the key, except on Linux where tss2 will be used. Allowed values: `DEFAULT` `PKCS8` `OPENSSH` `TSS2` `CLASSIC`
-- `type` (String) The key type used. The current DEFAULT type is ECDSA_P256. Allowed values: `DEFAULT` `ECDSA_P256` `ECDSA_P384` `ECDSA_P521` `RSA_2048` `RSA_3072` `RSA_4096` `ED25519`
-
-Optional:
-
-- `protection` (String) Whether to use a hardware module to store the private key for a workload certificate. If set to `NONE` no hardware module will be used. If set to `DEFAULT` a hardware module will only be used with format `TSS2`. `HARDWARE_WITH_FALLBACK` can only be used with the key format `DEFAULT`. Allowed values: `DEFAULT` `NONE` `HARDWARE` `HARDWARE_WITH_FALLBACK` `HARDWARE_ATTESTED`
-- `pub_file` (String) A CSR or SSH public key to use instead of generating one.
-
-
-<a id="nestedatt--hooks"></a>
-### Nested Schema for `hooks`
-
-Optional:
-
-- `renew` (Attributes) A list of commands to run before and after a certificate is granted. (see [below for nested schema](#nestedatt--hooks--renew))
-- `sign` (Attributes) A list of commands to run before and after a certificate is granted. (see [below for nested schema](#nestedatt--hooks--sign))
-
-<a id="nestedatt--hooks--renew"></a>
-### Nested Schema for `hooks.renew`
-
-Optional:
-
-- `after` (List of String) List of commands to run after the operation.
-- `before` (List of String) List of commands to run before the operation.
-- `on_error` (List of String) List of commands to run when the operation fails.
-- `shell` (String) The shell to use to execute the commands.
-
-
-<a id="nestedatt--hooks--sign"></a>
-### Nested Schema for `hooks.sign`
-
-Optional:
-
-- `after` (List of String) List of commands to run after the operation.
-- `before` (List of String) List of commands to run before the operation.
-- `on_error` (List of String) List of commands to run when the operation fails.
-- `shell` (String) The shell to use to execute the commands.
-
-
-
-<a id="nestedatt--reload_info"></a>
-### Nested Schema for `reload_info`
-
-Required:
-
-- `method` (String) Ways an endpoint can reload a certificate. `AUTOMATIC` means the process is able to detect and reload new certificates automatically. `CUSTOM` means a custom command must be run to trigger the workload to reload the certificates. `SIGNAL` will configure the agent to send a signal to the process in `pidFile`. `DBUS` will use the systemd system bus to issue a `try-reload-or-restart` job for unit specified by `unitName`. `PLATFORM` uses a method specific to the operating system. Allowed values: `AUTOMATIC` `CUSTOM` `SIGNAL` `DBUS` `PLATFORM`
-
-Optional:
-
-- `pid_file` (String) File that holds the pid of the process to signal. Required when method is SIGNAL.
-- `signal` (Number) The signal to send to a process when a certificate should be reloaded. Required when method is SIGNAL.
-- `unit_name` (String) The systemd unit name to reload when a certificate should be reloaded. Required when method is DBUS.
diff --git a/examples/data-sources/smallstep_attestation_authority/data-source.tf b/examples/data-sources/smallstep_attestation_authority/data-source.tf
deleted file mode 100644
index 99c9d29..0000000
--- a/examples/data-sources/smallstep_attestation_authority/data-source.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-data "smallstep_attestation_authority" "aa" {
- id = "4958f125-8e2a-4c99-8c32-832b25e5569e"
-}
diff --git a/examples/data-sources/smallstep_collection/data-source.tf b/examples/data-sources/smallstep_collection/data-source.tf
deleted file mode 100644
index 3844a75..0000000
--- a/examples/data-sources/smallstep_collection/data-source.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-data "smallstep_collection" "tpms" {
- slug = "tpms"
-}
diff --git a/examples/data-sources/smallstep_collection_instance/data-source.tf b/examples/data-sources/smallstep_collection_instance/data-source.tf
deleted file mode 100644
index 9e3815b..0000000
--- a/examples/data-sources/smallstep_collection_instance/data-source.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-
-data "smallstep_collection_instance" "tpm1" {
- collection_slug = "tpms"
- id = "urn:ek:sha256:RAzbOveN1Y45fYubuTxu5jOXWtOK1HbfZ7yHjBuWlyE="
-}
diff --git a/examples/resources/smallstep_attestation_authority/import.sh b/examples/resources/smallstep_attestation_authority/import.sh
deleted file mode 100644
index be15dcc..0000000
--- a/examples/resources/smallstep_attestation_authority/import.sh
+++ /dev/null
@@ -1 +0,0 @@
-terraform import smallstep_attestation_authority.aa 4958f125-8e2a-4c99-8c32-832b25e5569e
diff --git a/examples/resources/smallstep_attestation_authority/resource.tf b/examples/resources/smallstep_attestation_authority/resource.tf
deleted file mode 100644
index 7a6f9c9..0000000
--- a/examples/resources/smallstep_attestation_authority/resource.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-
-resource "smallstep_collection" "tpms" {
- slug = "tpms"
-}
-
-resource "smallstep_attestation_authority" "aa" {
- name = "Foo Attest"
- catalog = smallstep_collection.tpms.slug
- attestor_roots = "-----BEGIN CERTIFICATE-----\n..."
- attestor_intermediates = "----- BEGIN CERTIFICATE-----\n..."
- depends_on = [smallstep_collection.tpms]
-}
diff --git a/examples/resources/smallstep_collection/import.sh b/examples/resources/smallstep_collection/import.sh
deleted file mode 100644
index 5f608ad..0000000
--- a/examples/resources/smallstep_collection/import.sh
+++ /dev/null
@@ -1 +0,0 @@
-terraform import smallstep_collection.devices devices
diff --git a/examples/resources/smallstep_collection/resource.tf b/examples/resources/smallstep_collection/resource.tf
deleted file mode 100644
index 7b2b0b4..0000000
--- a/examples/resources/smallstep_collection/resource.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-resource "smallstep_collection" "tpms" {
- slug = "tpms"
-}
diff --git a/examples/resources/smallstep_device_collection/aws.tf b/examples/resources/smallstep_device_collection/aws.tf
deleted file mode 100644
index 860cf42..0000000
--- a/examples/resources/smallstep_device_collection/aws.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-
-resource "smallstep_device_collection" "aws" {
- slug = "ec2west"
- display_name = "EC2 West"
- admin_emails = ["admin@example.com"]
- device_type = "aws-vm"
- aws_vm = {
- accounts = ["0123456789"]
- disable_custom_sans = false
- }
-}
diff --git a/examples/resources/smallstep_device_collection/azure.tf b/examples/resources/smallstep_device_collection/azure.tf
deleted file mode 100644
index b7af889..0000000
--- a/examples/resources/smallstep_device_collection/azure.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-
-resource "smallstep_device_collection" "azure" {
- slug = "azure"
- display_name = "Azure VMs"
- admin_emails = ["admin@example.com"]
- device_type = "azure-vm"
- azure_vm = {
- tenant_id = "76543210"
- resource_groups = ["0123456789"]
- disable_custom_sans = false
- audience = ""
- }
-}
diff --git a/examples/resources/smallstep_device_collection/provider.tf b/examples/resources/smallstep_device_collection/provider.tf
deleted file mode 100644
index 18392c1..0000000
--- a/examples/resources/smallstep_device_collection/provider.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# This file is not shown in example docs but is used for testing
-terraform {
- required_providers {
- smallstep = {
- source = "smallstep/smallstep"
- }
- google = {
- source = "hashicorp/google"
- version = "5.2.0"
- }
- }
-}
-
-provider "smallstep" {}
-
-provider "google" {
- project = "prod-1234"
- region = "us-central1"
-}
diff --git a/examples/resources/smallstep_device_collection/resource.tf b/examples/resources/smallstep_device_collection/resource.tf
deleted file mode 100644
index 1f1674c..0000000
--- a/examples/resources/smallstep_device_collection/resource.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-
-resource "smallstep_device_collection" "gcp" {
- slug = "gce"
- display_name = "GCE"
- device_type = "gcp-vm"
- gcp_vm = {
- service_accounts = ["pki@prod-1234.iam.gserviceaccount.com"]
- }
- admin_emails = ["admin@example.com"]
-}
-
-data "google_compute_instance" "dbserver" {
- name = "dbserver"
- zone = "us-central1-b"
-}
-
-resource "smallstep_collection_instance" "dbserver" {
- depends_on = [smallstep_device_collection.gcp]
- collection_slug = smallstep_device_collection.gcp.slug
- id = data.google_compute_instance.dbserver.instance_id
- data = jsonencode({
- "hostname" = data.google_compute_instance.dbserver.name
- "private_ip" = data.google_compute_instance.dbserver.network_interface.0.network_ip
- "public_ip" = data.google_compute_instance.dbserver.network_interface.0.access_config[0].nat_ip
- })
-}
diff --git a/examples/resources/smallstep_device_collection/tpm.tf b/examples/resources/smallstep_device_collection/tpm.tf
deleted file mode 100644
index 8a9bfa0..0000000
--- a/examples/resources/smallstep_device_collection/tpm.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-
-resource "smallstep_device_collection" "tpm" {
- slug = "tmpservers"
- display_name = "TPM Servers"
- admin_emails = ["admin@example.com"]
- device_type = "tpm"
- tpm = {
- attestor_roots = file("${path.module}/root.crt")
- }
-}
diff --git a/examples/resources/smallstep_workload/redis.tf b/examples/resources/smallstep_workload/redis.tf
deleted file mode 100644
index 7ea1e0a..0000000
--- a/examples/resources/smallstep_workload/redis.tf
+++ /dev/null
@@ -1,58 +0,0 @@
-
-resource "smallstep_workload" "redis" {
- depends_on = [smallstep_device_collection.ec2_west]
- device_collection_slug = resource.smallstep_device_collection.ec2_west.slug
- workload_type = "redis"
- slug = "redisec2west"
- display_name = "Redis EC2 West"
- admin_emails = ["admin@example.com"]
-
- certificate_info = {
- type = "X509"
- duration = "168h"
- crt_file = "db.crt"
- key_file = "db.key"
- root_file = "ca.crt"
- uid = 1001
- gid = 999
- mode = 256
- }
-
- hooks = {
- renew = {
- shell = "/bin/sh"
- before = [
- "echo renewing",
- ]
- after = [
- "echo renewed",
- ]
- on_error = [
- "echo failed renew",
- ]
- }
- sign = {
- shell = "/bin/bash"
- before = [
- "echo signing",
- ]
- after = [
- "echo signed",
- ]
- on_error = [
- "echo failed sign",
- ]
- }
- }
-
- key_info = {
- format = "DEFAULT"
- type = "ECDSA_P256"
- }
-
- reload_info = {
- method = "SIGNAL"
- pid_file = "db.pid"
- signal = 1
- }
-}
diff --git a/examples/resources/smallstep_workload/resource.tf b/examples/resources/smallstep_workload/resource.tf
deleted file mode 100644
index 5e1b6e7..0000000
--- a/examples/resources/smallstep_workload/resource.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-
-resource "smallstep_device_collection" "ec2_west" {
- slug = "ec2west"
- display_name = "EC2 West"
- device_type = "aws-vm"
- aws_vm = {
- accounts = ["0123456789"]
- }
- admin_emails = ["admin@example.com"]
-}
-
-resource "smallstep_workload" "generic" {
- depends_on = [smallstep_device_collection.ec2_west]
- workload_type = "generic"
- device_collection_slug = resource.smallstep_device_collection.ec2_west.slug
- slug = "ec2generic"
- display_name = "Generic Workload"
- admin_emails = ["admin@example.com"]
-
- certificate_info = {
- type = "X509"
- }
-
- key_info = {
- format = "DEFAULT"
- type = "ECDSA_P256"
- }
-}
diff --git a/templates/resources/device_collection.md.tmpl b/templates/resources/device_collection.md.tmpl
deleted file mode 100644
index ba168da..0000000
--- a/templates/resources/device_collection.md.tmpl
+++ /dev/null
@@ -1,39 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "{{.Name}} {{.Type}} - {{.ProviderName}}"
-subcategory: ""
-description: |-
-{{ .Description | plainmarkdown | trimspace | prefixlines " " }}
----
-
-# {{.Name}} ({{.Type}})
-
-{{ .Description | trimspace }}
-
-## Example Usage
-
-### GCP VM Device Collection with GCE Instance
-
-{{ tffile "examples/resources/smallstep_device_collection/resource.tf" }}
-
-### TPM Device Collection
-
-{{ tffile "examples/resources/smallstep_device_collection/tpm.tf" }}
-
-### EC2 Device Collection
-
-{{ tffile "examples/resources/smallstep_device_collection/aws.tf" }}
-
-### Azure VM Device Collection
-
-{{ tffile "examples/resources/smallstep_device_collection/azure.tf" }}
-
-{{ .SchemaMarkdown | trimspace }}
-
-{{- if .HasImport }}
-## Import
-
-Import is supported using the following syntax:
-
-{{ codefile "examples/resources/smallstep_device_collection/import.sh" }}
-{{- end }}
diff --git a/templates/resources/workload.md.tmpl b/templates/resources/workload.md.tmpl
deleted file mode 100644
index a7e58b0..0000000
--- a/templates/resources/workload.md.tmpl
+++ /dev/null
@@ -1,31 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "{{.Name}} {{.Type}} - {{.ProviderName}}"
-subcategory: ""
-description: |-
-{{ .Description | plainmarkdown | trimspace | prefixlines " " }}
----
-
-# {{.Name}} ({{.Type}})
-
-{{ .Description | trimspace }}
-
-## Example Usage
-
-### Generic Workload on EC2
-
-{{ tffile "examples/resources/smallstep_workload/resource.tf" }}
-
-### Redis Workload with All Optionas
-
-{{ tffile "examples/resources/smallstep_workload/redis.tf" }}
-
-{{ .SchemaMarkdown | trimspace }}
-
-{{- if .HasImport }}
-## Import
-
-Import is supported using the following syntax:
-
-{{ codefile "examples/resources/smallstep_workload/import.sh" }}
-{{- end }}
-- 
GitLab